Severity: Critical
CVSS Score: 9.4
### Summary An authentication bypass in the optional `voice-call` extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to `allowlist` or `pairing`. Deployments that do not install/enable the `voice-call` extension are not affected. ### Affected Packages / Versions - `openclaw` (npm): `<= 2026.2.1` - Fixed in: `>= 2026.2.2` ### Details In affected versions (for example `2026.2.1`), the inbound allowlist check in `extensions/voice-call/src/manager.ts` used suffix-based matching and accepted empty caller IDs after normalization. This allowed two bypasses: 1. Missing/empty `from` values normalized to an empty string, which caused the allowlist predicate to evaluate as allowed. 2. Suffix-based matching meant any caller number whose digits ended with an allowlisted number would be accepted. ### Proof Of Concept 1. Configure the voice-call extension with `inboundPolicy: allowlist` and `allowFrom: ["+15550001234"]`. 2. Place/trigger an inbound call with missing/empty caller ID (provider-dependent; for example anonymous/restricted caller). The call is accepted. 3. Place a call from a number whose E.164 digits end with `15550001234` (for example `+99915550001234`). The call is accepted. ### Impact Only operators who install/enable the optional `voice-call` extension and use `inboundPolicy=allowlist` or `pairing` could have inbound access controls bypassed, potentially allowing unauthorized callers to reach auto-response and tool execution. ### Fix The fix hardens inbound policy handling: - Reject inbound calls when caller ID is missing. - Require strict equality when comparing normalized caller IDs against the allowlist (no suffix/prefix matching). - Add regression tests for missing caller ID, anonymous caller ID, and suffix-collision cases. Fix commit(s): - `f8dfd034f5d9235c5485f492a9e4ccc114e97fdb` Thanks @simecek for reporting.